Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
07-05-2024 18:51
General
-
Target
128a503197ca8cdb4d4af4de699f7697f9e07e35d2b99e8ee6bc7925a2d6699f.exe
-
Size
460KB
-
MD5
2629d94f0ac8939276d3fd40394f977b
-
SHA1
159989e4d6b03840de88a00e7e05b00fedb1b268
-
SHA256
128a503197ca8cdb4d4af4de699f7697f9e07e35d2b99e8ee6bc7925a2d6699f
-
SHA512
b639d64eb4c24e7e9b10973734ebf370b7c0d5d5d6c96ffdb06bba74504d7b4ff60fd2fdda846ff595314b7be0d942d8678619ccca16d26f6d0c94b0b14984ab
-
SSDEEP
12288:n3C9ytvnVXl3C9nQIWJJGmFHQ3C9X3C9qAfIZ/o+gZ6:SgdnV42RfIJ7+
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 17 IoCs
-
UPX dump on OEP (original entry point) 19 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 19 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\128a503197ca8cdb4d4af4de699f7697f9e07e35d2b99e8ee6bc7925a2d6699f.exe"C:\Users\Admin\AppData\Local\Temp\128a503197ca8cdb4d4af4de699f7697f9e07e35d2b99e8ee6bc7925a2d6699f.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\xlxrxrf.exec:\xlxrxrf.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thtthb.exec:\thtthb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rrfffxf.exec:\rrfffxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\thttbb.exec:\thttbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpppd.exec:\vpppd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rlxxflr.exec:\rlxxflr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbnnb.exec:\nnbnnb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\htnttt.exec:\htnttt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\5vppp.exec:\5vppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\xxflflx.exec:\xxflflx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9hnthh.exec:\9hnthh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vvpjv.exec:\vvpjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\9djpd.exec:\9djpd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hthhhh.exec:\hthhhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\nnbhnn.exec:\nnbhnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vpddd.exec:\vpddd.exe17⤵
- Executes dropped EXE
-
\??\c:\9lffllr.exec:\9lffllr.exe18⤵
- Executes dropped EXE
-
\??\c:\5thhnn.exec:\5thhnn.exe19⤵
- Executes dropped EXE
-
\??\c:\dpjpp.exec:\dpjpp.exe20⤵
- Executes dropped EXE
-
\??\c:\rfxrxxl.exec:\rfxrxxl.exe21⤵
- Executes dropped EXE
-
\??\c:\9bnnbb.exec:\9bnnbb.exe22⤵
- Executes dropped EXE
-
\??\c:\vpdjv.exec:\vpdjv.exe23⤵
- Executes dropped EXE
-
\??\c:\jvjjp.exec:\jvjjp.exe24⤵
- Executes dropped EXE
-
\??\c:\7xffflx.exec:\7xffflx.exe25⤵
- Executes dropped EXE
-
\??\c:\nththn.exec:\nththn.exe26⤵
- Executes dropped EXE
-
\??\c:\pjvvj.exec:\pjvvj.exe27⤵
- Executes dropped EXE
-
\??\c:\xxfrrlr.exec:\xxfrrlr.exe28⤵
- Executes dropped EXE
-
\??\c:\tnbnnb.exec:\tnbnnb.exe29⤵
- Executes dropped EXE
-
\??\c:\vpjjp.exec:\vpjjp.exe30⤵
- Executes dropped EXE
-
\??\c:\1xrrxxl.exec:\1xrrxxl.exe31⤵
- Executes dropped EXE
-
\??\c:\9hhnnt.exec:\9hhnnt.exe32⤵
- Executes dropped EXE
-
\??\c:\3jppp.exec:\3jppp.exe33⤵
- Executes dropped EXE
-
\??\c:\rfrlxfl.exec:\rfrlxfl.exe34⤵
- Executes dropped EXE
-
\??\c:\bbnthn.exec:\bbnthn.exe35⤵
- Executes dropped EXE
-
\??\c:\hbntbb.exec:\hbntbb.exe36⤵
- Executes dropped EXE
-
\??\c:\9vdvv.exec:\9vdvv.exe37⤵
- Executes dropped EXE
-
\??\c:\fxllxfl.exec:\fxllxfl.exe38⤵
- Executes dropped EXE
-
\??\c:\9hbbbh.exec:\9hbbbh.exe39⤵
- Executes dropped EXE
-
\??\c:\ppdpv.exec:\ppdpv.exe40⤵
- Executes dropped EXE
-
\??\c:\rlxfrxf.exec:\rlxfrxf.exe41⤵
- Executes dropped EXE
-
\??\c:\btnnbb.exec:\btnnbb.exe42⤵
- Executes dropped EXE
-
\??\c:\7thhhh.exec:\7thhhh.exe43⤵
- Executes dropped EXE
-
\??\c:\jvpvp.exec:\jvpvp.exe44⤵
- Executes dropped EXE
-
\??\c:\dpddj.exec:\dpddj.exe45⤵
- Executes dropped EXE
-
\??\c:\xrlrflf.exec:\xrlrflf.exe46⤵
- Executes dropped EXE
-
\??\c:\7bnhtb.exec:\7bnhtb.exe47⤵
- Executes dropped EXE
-
\??\c:\bnhtnt.exec:\bnhtnt.exe48⤵
- Executes dropped EXE
-
\??\c:\jdpvd.exec:\jdpvd.exe49⤵
- Executes dropped EXE
-
\??\c:\7fffllr.exec:\7fffllr.exe50⤵
- Executes dropped EXE
-
\??\c:\rlxrxxl.exec:\rlxrxxl.exe51⤵
- Executes dropped EXE
-
\??\c:\bnbbhh.exec:\bnbbhh.exe52⤵
- Executes dropped EXE
-
\??\c:\nbtbnt.exec:\nbtbnt.exe53⤵
- Executes dropped EXE
-
\??\c:\pjppd.exec:\pjppd.exe54⤵
- Executes dropped EXE
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe55⤵
- Executes dropped EXE
-
\??\c:\5xllrxf.exec:\5xllrxf.exe56⤵
- Executes dropped EXE
-
\??\c:\bnhthh.exec:\bnhthh.exe57⤵
- Executes dropped EXE
-
\??\c:\dpjjj.exec:\dpjjj.exe58⤵
- Executes dropped EXE
-
\??\c:\dpddp.exec:\dpddp.exe59⤵
- Executes dropped EXE
-
\??\c:\lrxlfrf.exec:\lrxlfrf.exe60⤵
- Executes dropped EXE
-
\??\c:\9xfxfxl.exec:\9xfxfxl.exe61⤵
- Executes dropped EXE
-
\??\c:\nttnhb.exec:\nttnhb.exe62⤵
- Executes dropped EXE
-
\??\c:\djvdj.exec:\djvdj.exe63⤵
- Executes dropped EXE
-
\??\c:\vjvvj.exec:\vjvvj.exe64⤵
- Executes dropped EXE
-
\??\c:\lxrrrrf.exec:\lxrrrrf.exe65⤵
- Executes dropped EXE
-
\??\c:\hhbnbt.exec:\hhbnbt.exe66⤵
-
\??\c:\tnbbnt.exec:\tnbbnt.exe67⤵
-
\??\c:\hnbnbb.exec:\hnbnbb.exe68⤵
-
\??\c:\jpjpp.exec:\jpjpp.exe69⤵
-
\??\c:\lfxfrrl.exec:\lfxfrrl.exe70⤵
-
\??\c:\xrxxlrl.exec:\xrxxlrl.exe71⤵
-
\??\c:\tnhhnt.exec:\tnhhnt.exe72⤵
-
\??\c:\hbtbhn.exec:\hbtbhn.exe73⤵
-
\??\c:\jddjd.exec:\jddjd.exe74⤵
-
\??\c:\lfrrfrf.exec:\lfrrfrf.exe75⤵
-
\??\c:\xrlrffl.exec:\xrlrffl.exe76⤵
-
\??\c:\9tnhth.exec:\9tnhth.exe77⤵
-
\??\c:\nnbhbb.exec:\nnbhbb.exe78⤵
-
\??\c:\7dppv.exec:\7dppv.exe79⤵
-
\??\c:\xxlxlrf.exec:\xxlxlrf.exe80⤵
-
\??\c:\9xlrxxf.exec:\9xlrxxf.exe81⤵
-
\??\c:\nhntnt.exec:\nhntnt.exe82⤵
-
\??\c:\tnbbhn.exec:\tnbbhn.exe83⤵
-
\??\c:\vpjpv.exec:\vpjpv.exe84⤵
-
\??\c:\5jpvd.exec:\5jpvd.exe85⤵
-
\??\c:\7rllxfr.exec:\7rllxfr.exe86⤵
-
\??\c:\9bttnn.exec:\9bttnn.exe87⤵
-
\??\c:\ttnbht.exec:\ttnbht.exe88⤵
-
\??\c:\dddvj.exec:\dddvj.exe89⤵
-
\??\c:\dvppd.exec:\dvppd.exe90⤵
-
\??\c:\xxlxffr.exec:\xxlxffr.exe91⤵
-
\??\c:\xrflrfr.exec:\xrflrfr.exe92⤵
-
\??\c:\htntbn.exec:\htntbn.exe93⤵
-
\??\c:\hhthhn.exec:\hhthhn.exe94⤵
-
\??\c:\ppjpv.exec:\ppjpv.exe95⤵
-
\??\c:\vpjdj.exec:\vpjdj.exe96⤵
-
\??\c:\5fllrff.exec:\5fllrff.exe97⤵
-
\??\c:\rlrlxrf.exec:\rlrlxrf.exe98⤵
-
\??\c:\nbttbb.exec:\nbttbb.exe99⤵
-
\??\c:\vdvjv.exec:\vdvjv.exe100⤵
-
\??\c:\7pjpd.exec:\7pjpd.exe101⤵
-
\??\c:\lfrxllr.exec:\lfrxllr.exe102⤵
-
\??\c:\lxrxlll.exec:\lxrxlll.exe103⤵
-
\??\c:\nhbnth.exec:\nhbnth.exe104⤵
-
\??\c:\bhtbnt.exec:\bhtbnt.exe105⤵
-
\??\c:\jvjjv.exec:\jvjjv.exe106⤵
-
\??\c:\ppvdp.exec:\ppvdp.exe107⤵
-
\??\c:\lllxrxl.exec:\lllxrxl.exe108⤵
-
\??\c:\nhbtbt.exec:\nhbtbt.exe109⤵
-
\??\c:\hbnntt.exec:\hbnntt.exe110⤵
-
\??\c:\ppddp.exec:\ppddp.exe111⤵
-
\??\c:\vppvd.exec:\vppvd.exe112⤵
-
\??\c:\rxxrlfr.exec:\rxxrlfr.exe113⤵
-
\??\c:\tbbthh.exec:\tbbthh.exe114⤵
-
\??\c:\7bthtb.exec:\7bthtb.exe115⤵
-
\??\c:\7vpvd.exec:\7vpvd.exe116⤵
-
\??\c:\vvpdp.exec:\vvpdp.exe117⤵
-
\??\c:\rlfrlrf.exec:\rlfrlrf.exe118⤵
-
\??\c:\3bnnbh.exec:\3bnnbh.exe119⤵
-
\??\c:\pdjvj.exec:\pdjvj.exe120⤵
-
\??\c:\5rlxllf.exec:\5rlxllf.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-